Hi rob
I don't know anything about kerberizing postgres but I would guess
that you created a service keytab for psql, is that right?
Yes i have created a service keytab for postgres .
Check the permissions of the keytab. Permission denied usually means
that the server can't read its own keytab.
Thank you.
You were right. I have changed the file ownership to set the postgres
user as file owner and i don't have the
permission denied message anymore :)
If this doesn't fix it can you outline what you've done so far in
configuring psql?
I walk forward in the configuration, but there is always some issues
that i don't understand... but they are closest to
postgres than kerberos.
I have configured a user called jeradm in postgres and created a
principal in freeipa/kerberos called [email protected].
I need to do (starting from an other user account) :
su - jeradm;
kinit jeradm;
psql -d postgres -h ipa0
to connect to the database with the jeradm account.
If i stay as the root user system and do :
kinit jeradm;
psql -d postgres -h ipa0
Postgresql prevent me from connecting to the database and in the log i
have messages like
[ipa0][postgres] FATAL: GSSAPI authentication failed for user "root"
[ipa0][postgres] LOG: provided username (root) and authenticated
username (jeradm) don't match
In my rookie comprehension of kerberos, psql will have to use my ticket
to identify the user to use for connection... but
it keep using my current linux user account ...
I think that i haved missed something....
Thank you Rob :)
Jérôme
rob
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
